package boot.spring.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;

@Order(6)
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
	@Override
    public void configure(ResourceServerSecurityConfigurer resources) {
 
        resources.resourceId("rid") // 配置资源id，这里的资源id和授权服务器中的资源id一致
                .stateless(true); // 设置这些资源仅基于令牌认证
    }
 
    /** 
     * 配置 URL 访问权限,
     * 除了前端相关接口，其余资源需要用token才能请求
	**/
    @Override
    public void configure(HttpSecurity http) throws Exception {
    	http
        .authorizeRequests()
        .antMatchers("/oauth/**", "/plugins/**","/css/**","/img/**","/js/**","/index","/useradmin","/roleadmin","/permissionadmin").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")     //登录页面
            .loginProcessingUrl("/loginvalidate") //登录认证地址
            .defaultSuccessUrl("/index", true)  //登陆成功后的地址
            .permitAll()
            .and()
        .logout().logoutUrl("/logout")
            .permitAll()
            .and().csrf().disable();
    }
}
